– Sumedh Nene
As part of the Tips, Tricks, and Best Practices, I will try to introduce you to a topic that is quickly becoming a trend in the cyber world—Cybersecurity Maturity Model Certification (CMMC). What is it, what makes it a big deal, why should technology writers care about it, and is it worth learning about it? We will explore all these points here.
CMMC is a framework being introduced to play a pivotal role in increasing resilience against cyber-attacks and safeguarding sensitive data. It will help implement organizational cybersecurity practices across various domains such as Access Control, Audit & Accountability (AU), Identification & Authentication (IA), System & Information Integrity (SI), Configuration Management (CM), just to name a few. Refer to the official CMMC Assessment Guide, which describes the requirements for each control assessed as part of the audits.
We will not go into the details of the 5 levels of CMMC or the differences between Controlled Unclassified Information (CUI) and Federal Contracting Information (FCI) here; you can find all that on the DoD’s CMMC site. However, CMMC is quickly becoming a must-have for organizations that do business with the US Department of Defense (DoD). The DoD has mandated that by October 2024 (or FY2025) all contractors and vendors that process CUI or FCI data will be required to meet some level of certification to demonstrate their level of maturity before they can sign any DoD contracts. The DoD currently works with approximately 300,000 suppliers and vendors!
I think this staggering number is enough to demonstrate the massive opportunity for technical writers in India. There is virtually unlimited documentation that will need to be completed—System Security Plans (SSPs), Data Flow Diagrams, IT and GRC policies, Disaster Recovery and Business Continuity Plans; the list is never-ending. Early adopters have already started working on the certification and it’s only a matter of time before global organizations start looking at countries like India to help them get audit-ready.
If you have any kind of background in auditing, cybersecurity, information security, or related fields, there might be a smaller learning curve. Prior knowledge of writing SOPs, authoring IT policies and guidelines, or exposure to the Governance, Risk and Compliance (GRC) space will be a definite plus.
With so many companies looking to obtain the certification and more being added continuously, CMMC is very likely the next big trend, providing a massive opportunity for technical writers over the next few years. Upskilling on this topic would be a great idea.
You can reach Sumedh Nene at LearnTechWriting@gmail.com.
Sumedh has been in Technical Communications since 1995. Over the years he has worked in US (Bay Area), Canada, Australia, Singapore and India. He has been a faculty for TechComms subjects at BITS Pilani, SIMS Pune, Rotman School of Management and George Brown College in Toronto.
Current Role: Technical Writer, Trainer, Editor, Documentation Specialist
Company: CrackerJack WordSmiths Inc.
City: Mississauga, Canada
Connect at LinkedIn
No Comments